From f7c7d7e3ee6e2e7c701c0d1c13f9a1662fc4278e Mon Sep 17 00:00:00 2001
From: Alexander Davis <alex@adcm.uk>
Date: Mon, 10 Aug 2020 15:30:11 +0100
Subject: [PATCH 1/5] Basic UI

@luketainton please edit lines 120-140 on the editsub and managesub files
---
 app/public/editsub.php   | 154 ++++++++++++++++++++++++++++++++++++
 app/public/managesub.php | 165 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 319 insertions(+)
 create mode 100644 app/public/editsub.php
 create mode 100644 app/public/managesub.php

diff --git a/app/public/editsub.php b/app/public/editsub.php
new file mode 100644
index 0000000..127379c
--- /dev/null
+++ b/app/public/editsub.php
@@ -0,0 +1,154 @@
+<?php
+    $PAGE_NAME = "Upload file";
+    require_once __DIR__ . "/../includes/header.php";
+
+    $request = get_request($db, $_GET['rid']);
+    $updates = get_updates($db, $request);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+?>
+
+
+
+<!-- Begin page content -->
+<main role="main" class="flex-shrink-0">
+
+  <?php if (!is_signed_in()) { ?>
+    <section>
+      <div class="container">
+        <div class='alert alert-danger alert-dismissible fade show' role='alert'>
+          You need to log in to access this page.
+          <button type='button' class='close' data-dismiss='alert' aria-label='Close'>
+            <span aria-hidden='true'>&times;</span>
+          </button>
+        </div>
+      </div>
+    </section>
+  <?php } else {
+      if ($is_authorised == true) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1><?php echo($request['title']); ?></h1>
+          <p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p>
+          <p class="lead text-muted"><?php echo($request['description']); ?></p>
+        </div>
+      </section>
+      <section>
+        <div class="container">
+          <div class="row">
+            <div class="col-4">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
+                <ul class="list-group list-group-flush">
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Status:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['status']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created by:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo(get_user_name($db, $request['created_by'])); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Assigned to:</b></span>
+                        <?php if ($request['assignee'] != null) {
+                          echo("<span style='display: inline; margin-left: 1%;'>" . get_user_name($db, $request['assignee']) . "</span>");
+                        } else {
+                          echo("<span class='text-muted' style='display: inline; margin-left: 1%;'>None</span>");
+                        } ?>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['created_on']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Last updated:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['last_updated']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                </ul>
+              </div>
+            </div>
+
+            <div class="col-8">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
+                <ul class="list-group list-group-flush">
+                  <?php
+                    if (count($updates) == 0) {
+                      echo("<center><b>No updates</b></center>");
+                    } else {
+                      foreach($updates as $update) {
+                  ?>
+                    <li class="list-group-item">
+                      <div class="container">
+                        <div class="row">
+                          <span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
+                        </div>
+                        <div class="row">
+                          <span><?php echo($update['msg']); ?></span>
+                        </div>
+                      </div>
+                    </li>
+                  <?php } } ?>
+                </ul>
+              </div>
+            </div>
+
+          </div>
+        </div>
+      </section>
+
+      <section style="margin-top: 2%;">
+        <div class="container">
+          <div class="row">
+            <div class="col-12">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-send-outline"></span> Edit Subscriber</div>
+                  <form action="/actions/update" method="post" enctype="multipart/form-data">
+                    <div class="form-group">
+                      <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                    </div>
+                    <div class="form-group" style="margin: 2%;">
+                      <textarea type="text" class="form-control" id="msg" name="msg" rows="3"></textarea>
+                      <button type="submit" class="btn btn-primary" style="margin-top: 2%;">Submit</button>
+                      <a href="/view?rid=<?php echo($_GET['rid']); ?>" class="btn btn-danger" style="margin-top: 2%;">Cancel</a>
+                    </div>
+                  </form>
+              </div>
+            </div>
+          </div>
+        </div>
+      </section>
+
+    <?php } else if ($is_authorised == false) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1>You are not authorised to see this page.</h1>
+        </div>
+      </section>
+    <?php } } ?>
+
+</main>
+
+<?php
+    require_once __DIR__ . "/../includes/footer.php";
+?>
diff --git a/app/public/managesub.php b/app/public/managesub.php
new file mode 100644
index 0000000..238e5f3
--- /dev/null
+++ b/app/public/managesub.php
@@ -0,0 +1,165 @@
+<?php
+    $PAGE_NAME = "Upload file";
+    require_once __DIR__ . "/../includes/header.php";
+
+    $request = get_request($db, $_GET['rid']);
+    $updates = get_updates($db, $request);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+?>
+
+
+
+<!-- Begin page content -->
+<main role="main" class="flex-shrink-0">
+
+  <?php if (!is_signed_in()) { ?>
+    <section>
+      <div class="container">
+        <div class='alert alert-danger alert-dismissible fade show' role='alert'>
+          You need to log in to access this page.
+          <button type='button' class='close' data-dismiss='alert' aria-label='Close'>
+            <span aria-hidden='true'>&times;</span>
+          </button>
+        </div>
+      </div>
+    </section>
+  <?php } else {
+      if ($is_authorised == true) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1><?php echo($request['title']); ?></h1>
+          <p style="color: gray; font-style: italic;"><?php echo("#" . sprintf("%'.05d\n", $request["id"])); ?></p>
+          <p class="lead text-muted"><?php echo($request['description']); ?></p>
+        </div>
+      </section>
+      <section>
+        <div class="container">
+          <div class="row">
+            <div class="col-4">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
+                <ul class="list-group list-group-flush">
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Status:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['status']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created by:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo(get_user_name($db, $request['created_by'])); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Assigned to:</b></span>
+                        <?php if ($request['assignee'] != null) {
+                          echo("<span style='display: inline; margin-left: 1%;'>" . get_user_name($db, $request['assignee']) . "</span>");
+                        } else {
+                          echo("<span class='text-muted' style='display: inline; margin-left: 1%;'>None</span>");
+                        } ?>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Created:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['created_on']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <span style="display: inline;"><b>Last updated:</b></span>
+                        <span style="display: inline; margin-left: 1%;"><?php echo($request['last_updated']); ?></span>
+                      </div>
+                    </div>
+                  </li>
+                </ul>
+              </div>
+            </div>
+
+            <div class="col-8">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
+                <ul class="list-group list-group-flush">
+                  <?php
+                    if (count($updates) == 0) {
+                      echo("<center><b>No updates</b></center>");
+                    } else {
+                      foreach($updates as $update) {
+                  ?>
+                    <li class="list-group-item">
+                      <div class="container">
+                        <div class="row">
+                          <span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
+                        </div>
+                        <div class="row">
+                          <span><?php echo($update['msg']); ?></span>
+                        </div>
+                      </div>
+                    </li>
+                  <?php } } ?>
+                </ul>
+              </div>
+            </div>
+
+          </div>
+        </div>
+      </section>
+
+      <section style="margin-top: 2%;">
+        <div class="col-sm">
+          <div class="card mx-auto">
+            <div class="card-header">
+              <span class="mdi mdi-rss"></span> Request Subscribers
+            </div>
+            <ul class="list-group list-group-flush">
+              <?php
+                if (count($subscribers) == 0) {
+                  echo("<center><b>No subscribers</b></center>");
+                } else {
+                  foreach($subscribers as $sub) { ?>
+              <li class="list-group-item">
+                <div class="container">
+                  <div class="row">
+                    <div class="col-10">
+                      <span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $sub["id"]); ?> </span><span><b><?php echo($sub['title']); ?></b></span> <span style="display: inline;" class="text-muted"><?php echo("(Creator: " . get_user_name($db, $sub['created_by']) . ")"); ?></span>
+                      <p class="m-0"><?php echo($sub['description']); ?></p>
+                    </div>
+                    <div class="col-2">
+                      <a class="btn btn-success float-right" href="view?rid=<?php echo($sub["uuid"]); ?>" role="button">Edit</a>
+                      <a class="btn btn-success float-right" href="view?rid=<?php echo($sub["uuid"]); ?>" role="button">Delete</a>
+                    </div>
+                  </div>
+                </div>
+              </li>
+              <?php } } ?>
+            </ul>
+          </div>
+        </section>
+        </div>
+      </section>
+
+    <?php } else if ($is_authorised == false) { ?>
+      <section class="jumbotron text-center">
+        <div class="container">
+          <h1>You are not authorised to see this page.</h1>
+        </div>
+      </section>
+    <?php } } ?>
+
+</main>
+
+<?php
+    require_once __DIR__ . "/../includes/footer.php";
+?>
-- 
2.49.1


From 48d5b2ee7362531f0ac77b5b229da980ce31f47f Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Mon, 10 Aug 2020 16:00:27 +0100
Subject: [PATCH 2/5] :sparkles: Add subscription management

Signed-off-by: Luke Tainton <luke@tainton.uk>
---
 app/includes/app_functions.php |  13 +++++
 app/public/actions/addsub.php  |  30 ++++++++++
 app/public/actions/delsub.php  |  30 ++++++++++
 app/public/managesub.php       | 102 ++++++++++++++++-----------------
 4 files changed, 121 insertions(+), 54 deletions(-)
 create mode 100644 app/public/actions/addsub.php
 create mode 100644 app/public/actions/delsub.php

diff --git a/app/includes/app_functions.php b/app/includes/app_functions.php
index 4011194..6d7bf28 100644
--- a/app/includes/app_functions.php
+++ b/app/includes/app_functions.php
@@ -1,4 +1,17 @@
 <?php
+  function get_all_users($db) {
+    try {
+      $stmt = "SELECT * FROM users";
+      $sql = $db->prepare($stmt);
+      $sql->execute();
+      $sql->setFetchMode(PDO::FETCH_ASSOC);
+      $result = $sql->fetchAll();
+    } catch (PDOException $e) {
+      echo("Error: " . $e->getMessage());
+    }
+    return $result;
+  }
+
   function get_user_name($db, $user_uuid) {
     try {
       $stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
diff --git a/app/public/actions/addsub.php b/app/public/actions/addsub.php
new file mode 100644
index 0000000..6a18db0
--- /dev/null
+++ b/app/public/actions/addsub.php
@@ -0,0 +1,30 @@
+<?php
+    $PAGE_NAME = "Add subscriber";
+    require_once __DIR__ . "/../../includes/prereqs.php";
+
+    $request = get_request($db, $_POST['rid']);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    // Add subscriber
+    if ($is_authorised == true) {
+        if($_SERVER['REQUEST_METHOD'] == 'POST') {
+          try {
+              $stmt = "INSERT INTO ticket_subscribers (ticket_uuid, user_uuid) VALUES (:tktuuid, :usruuid)";
+              $sql = $db->prepare($stmt);
+              $sql->bindParam(':tktuuid', $request['uuid']);
+              $sql->bindParam(':usruuid', $POST['addSubSelector']);
+              $sql->execute();
+          } catch (PDOException $e) {
+              $alert = array("danger", "Failed to add subscriber: " . $e->getMessage());
+          }
+        }
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    } else {
+        $alert = array("danger", "You are not authorised to manage subscribers on this request.");
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    }
+
+?>
diff --git a/app/public/actions/delsub.php b/app/public/actions/delsub.php
new file mode 100644
index 0000000..f4ed389
--- /dev/null
+++ b/app/public/actions/delsub.php
@@ -0,0 +1,30 @@
+<?php
+    $PAGE_NAME = "Delete subscribers";
+    require_once __DIR__ . "/../../includes/prereqs.php";
+
+    $request = get_request($db, $_POST['rid']);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    // Add subscriber
+    if ($is_authorised == true) {
+        if($_SERVER['REQUEST_METHOD'] == 'POST') {
+          try {
+              $stmt = "DELETE FROM ticket_subscribers WHERE ticket_uuid=:tktuuid AND user_uuid=:usruuid";
+              $sql = $db->prepare($stmt);
+              $sql->bindParam(':tktuuid', $request['uuid']);
+              $sql->bindParam(':usruuid', $POST['addSubSelector']);
+              $sql->execute();
+          } catch (PDOException $e) {
+              $alert = array("danger", "Failed to remove subscriber(s): " . $e->getMessage());
+          }
+        }
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    } else {
+        $alert = array("danger", "You are not authorised to manage subscribers on this request.");
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    }
+
+?>
diff --git a/app/public/managesub.php b/app/public/managesub.php
index 238e5f3..e403603 100644
--- a/app/public/managesub.php
+++ b/app/public/managesub.php
@@ -1,11 +1,12 @@
 <?php
-    $PAGE_NAME = "Upload file";
+    $PAGE_NAME = "Manage request subscribers";
     require_once __DIR__ . "/../includes/header.php";
 
     $request = get_request($db, $_GET['rid']);
-    $updates = get_updates($db, $request);
     $authorised_users = get_subscribers($db, $request);
     $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    $all_users = get_all_users($db);
 ?>
 
 
@@ -38,7 +39,9 @@
           <div class="row">
             <div class="col-4">
               <div class="card mx-auto">
-                <div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
+                <div class="card-header"><span class="mdi mdi-information-outline">
+                  </span> Information
+                </div>
                 <ul class="list-group list-group-flush">
                   <li class="list-group-item">
                     <div class="container">
@@ -90,66 +93,57 @@
 
             <div class="col-8">
               <div class="card mx-auto">
-                <div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
+                <div class="card-header">
+                  <span class="mdi mdi-rss"></span> Manage Subscribers
+                </div>
                 <ul class="list-group list-group-flush">
-                  <?php
-                    if (count($updates) == 0) {
-                      echo("<center><b>No updates</b></center>");
-                    } else {
-                      foreach($updates as $update) {
-                  ?>
-                    <li class="list-group-item">
-                      <div class="container">
-                        <div class="row">
-                          <span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
-                        </div>
-                        <div class="row">
-                          <span><?php echo($update['msg']); ?></span>
-                        </div>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <form method="post" action="/actions/delsub">
+                          <div class="form-group">
+                            <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                            <label for="delSubSelector">Remove subscribers:</label>
+                            <select multiple class="form-control" id="delSubSelector" name="delSubSelector">
+                              <?php foreach($authorised_users as $usr) {
+                                  $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
+                                  echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
+                                } ?>
+                            </select>
+                          </div>
+                          <button type="submit" class="btn btn-danger">Submit</button>
+                        </form>
                       </div>
-                    </li>
-                  <?php } } ?>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <form method="post" action="/actions/addsub">
+                          <div class="form-group">
+                            <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                            <label for="addSubSelector">Add subscriber:</label>
+                            <select class="form-control" id="addSubSelector" name="addSubSelector">
+                              <?php foreach($all_users as $usr) {
+                                if (!in_array($usr['uuid'], $authorised_users)) {
+                                  $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
+                                  echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
+                                }
+                              } ?>
+                            </select>
+                          </div>
+                          <button type="submit" class="btn btn-primary">Submit</button>
+                        </form>
+                      </div>
+                    </div>
+                  </li>
                 </ul>
               </div>
             </div>
-
           </div>
         </div>
       </section>
 
-      <section style="margin-top: 2%;">
-        <div class="col-sm">
-          <div class="card mx-auto">
-            <div class="card-header">
-              <span class="mdi mdi-rss"></span> Request Subscribers
-            </div>
-            <ul class="list-group list-group-flush">
-              <?php
-                if (count($subscribers) == 0) {
-                  echo("<center><b>No subscribers</b></center>");
-                } else {
-                  foreach($subscribers as $sub) { ?>
-              <li class="list-group-item">
-                <div class="container">
-                  <div class="row">
-                    <div class="col-10">
-                      <span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $sub["id"]); ?> </span><span><b><?php echo($sub['title']); ?></b></span> <span style="display: inline;" class="text-muted"><?php echo("(Creator: " . get_user_name($db, $sub['created_by']) . ")"); ?></span>
-                      <p class="m-0"><?php echo($sub['description']); ?></p>
-                    </div>
-                    <div class="col-2">
-                      <a class="btn btn-success float-right" href="view?rid=<?php echo($sub["uuid"]); ?>" role="button">Edit</a>
-                      <a class="btn btn-success float-right" href="view?rid=<?php echo($sub["uuid"]); ?>" role="button">Delete</a>
-                    </div>
-                  </div>
-                </div>
-              </li>
-              <?php } } ?>
-            </ul>
-          </div>
-        </section>
-        </div>
-      </section>
-
     <?php } else if ($is_authorised == false) { ?>
       <section class="jumbotron text-center">
         <div class="container">
-- 
2.49.1


From 244e03adee90c17bb292a0062788c35c6c098e56 Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Mon, 10 Aug 2020 16:00:27 +0100
Subject: [PATCH 3/5] :sparkles: Add subscription management

Signed-off-by: Luke Tainton <luke@tainton.uk>
---
 app/includes/app_functions.php |  13 +++++
 app/public/actions/addsub.php  |  30 ++++++++++
 app/public/actions/delsub.php  |  30 ++++++++++
 app/public/managesub.php       | 102 ++++++++++++++++-----------------
 4 files changed, 121 insertions(+), 54 deletions(-)
 create mode 100644 app/public/actions/addsub.php
 create mode 100644 app/public/actions/delsub.php

diff --git a/app/includes/app_functions.php b/app/includes/app_functions.php
index 4011194..6d7bf28 100644
--- a/app/includes/app_functions.php
+++ b/app/includes/app_functions.php
@@ -1,4 +1,17 @@
 <?php
+  function get_all_users($db) {
+    try {
+      $stmt = "SELECT * FROM users";
+      $sql = $db->prepare($stmt);
+      $sql->execute();
+      $sql->setFetchMode(PDO::FETCH_ASSOC);
+      $result = $sql->fetchAll();
+    } catch (PDOException $e) {
+      echo("Error: " . $e->getMessage());
+    }
+    return $result;
+  }
+
   function get_user_name($db, $user_uuid) {
     try {
       $stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
diff --git a/app/public/actions/addsub.php b/app/public/actions/addsub.php
new file mode 100644
index 0000000..6a18db0
--- /dev/null
+++ b/app/public/actions/addsub.php
@@ -0,0 +1,30 @@
+<?php
+    $PAGE_NAME = "Add subscriber";
+    require_once __DIR__ . "/../../includes/prereqs.php";
+
+    $request = get_request($db, $_POST['rid']);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    // Add subscriber
+    if ($is_authorised == true) {
+        if($_SERVER['REQUEST_METHOD'] == 'POST') {
+          try {
+              $stmt = "INSERT INTO ticket_subscribers (ticket_uuid, user_uuid) VALUES (:tktuuid, :usruuid)";
+              $sql = $db->prepare($stmt);
+              $sql->bindParam(':tktuuid', $request['uuid']);
+              $sql->bindParam(':usruuid', $POST['addSubSelector']);
+              $sql->execute();
+          } catch (PDOException $e) {
+              $alert = array("danger", "Failed to add subscriber: " . $e->getMessage());
+          }
+        }
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    } else {
+        $alert = array("danger", "You are not authorised to manage subscribers on this request.");
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    }
+
+?>
diff --git a/app/public/actions/delsub.php b/app/public/actions/delsub.php
new file mode 100644
index 0000000..f4ed389
--- /dev/null
+++ b/app/public/actions/delsub.php
@@ -0,0 +1,30 @@
+<?php
+    $PAGE_NAME = "Delete subscribers";
+    require_once __DIR__ . "/../../includes/prereqs.php";
+
+    $request = get_request($db, $_POST['rid']);
+    $authorised_users = get_subscribers($db, $request);
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    // Add subscriber
+    if ($is_authorised == true) {
+        if($_SERVER['REQUEST_METHOD'] == 'POST') {
+          try {
+              $stmt = "DELETE FROM ticket_subscribers WHERE ticket_uuid=:tktuuid AND user_uuid=:usruuid";
+              $sql = $db->prepare($stmt);
+              $sql->bindParam(':tktuuid', $request['uuid']);
+              $sql->bindParam(':usruuid', $POST['addSubSelector']);
+              $sql->execute();
+          } catch (PDOException $e) {
+              $alert = array("danger", "Failed to remove subscriber(s): " . $e->getMessage());
+          }
+        }
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    } else {
+        $alert = array("danger", "You are not authorised to manage subscribers on this request.");
+        $newURL = "/managesub?rid=" . $request['uuid'];
+        echo("<script>window.location = '$newURL'</script>");
+    }
+
+?>
diff --git a/app/public/managesub.php b/app/public/managesub.php
index 238e5f3..e403603 100644
--- a/app/public/managesub.php
+++ b/app/public/managesub.php
@@ -1,11 +1,12 @@
 <?php
-    $PAGE_NAME = "Upload file";
+    $PAGE_NAME = "Manage request subscribers";
     require_once __DIR__ . "/../includes/header.php";
 
     $request = get_request($db, $_GET['rid']);
-    $updates = get_updates($db, $request);
     $authorised_users = get_subscribers($db, $request);
     $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    $all_users = get_all_users($db);
 ?>
 
 
@@ -38,7 +39,9 @@
           <div class="row">
             <div class="col-4">
               <div class="card mx-auto">
-                <div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
+                <div class="card-header"><span class="mdi mdi-information-outline">
+                  </span> Information
+                </div>
                 <ul class="list-group list-group-flush">
                   <li class="list-group-item">
                     <div class="container">
@@ -90,66 +93,57 @@
 
             <div class="col-8">
               <div class="card mx-auto">
-                <div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
+                <div class="card-header">
+                  <span class="mdi mdi-rss"></span> Manage Subscribers
+                </div>
                 <ul class="list-group list-group-flush">
-                  <?php
-                    if (count($updates) == 0) {
-                      echo("<center><b>No updates</b></center>");
-                    } else {
-                      foreach($updates as $update) {
-                  ?>
-                    <li class="list-group-item">
-                      <div class="container">
-                        <div class="row">
-                          <span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
-                        </div>
-                        <div class="row">
-                          <span><?php echo($update['msg']); ?></span>
-                        </div>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <form method="post" action="/actions/delsub">
+                          <div class="form-group">
+                            <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                            <label for="delSubSelector">Remove subscribers:</label>
+                            <select multiple class="form-control" id="delSubSelector" name="delSubSelector">
+                              <?php foreach($authorised_users as $usr) {
+                                  $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
+                                  echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
+                                } ?>
+                            </select>
+                          </div>
+                          <button type="submit" class="btn btn-danger">Submit</button>
+                        </form>
                       </div>
-                    </li>
-                  <?php } } ?>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <form method="post" action="/actions/addsub">
+                          <div class="form-group">
+                            <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                            <label for="addSubSelector">Add subscriber:</label>
+                            <select class="form-control" id="addSubSelector" name="addSubSelector">
+                              <?php foreach($all_users as $usr) {
+                                if (!in_array($usr['uuid'], $authorised_users)) {
+                                  $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
+                                  echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
+                                }
+                              } ?>
+                            </select>
+                          </div>
+                          <button type="submit" class="btn btn-primary">Submit</button>
+                        </form>
+                      </div>
+                    </div>
+                  </li>
                 </ul>
               </div>
             </div>
-
           </div>
         </div>
       </section>
 
-      <section style="margin-top: 2%;">
-        <div class="col-sm">
-          <div class="card mx-auto">
-            <div class="card-header">
-              <span class="mdi mdi-rss"></span> Request Subscribers
-            </div>
-            <ul class="list-group list-group-flush">
-              <?php
-                if (count($subscribers) == 0) {
-                  echo("<center><b>No subscribers</b></center>");
-                } else {
-                  foreach($subscribers as $sub) { ?>
-              <li class="list-group-item">
-                <div class="container">
-                  <div class="row">
-                    <div class="col-10">
-                      <span style="display: inline;" class="text-muted">#<?php echo sprintf("%'.05d\n", $sub["id"]); ?> </span><span><b><?php echo($sub['title']); ?></b></span> <span style="display: inline;" class="text-muted"><?php echo("(Creator: " . get_user_name($db, $sub['created_by']) . ")"); ?></span>
-                      <p class="m-0"><?php echo($sub['description']); ?></p>
-                    </div>
-                    <div class="col-2">
-                      <a class="btn btn-success float-right" href="view?rid=<?php echo($sub["uuid"]); ?>" role="button">Edit</a>
-                      <a class="btn btn-success float-right" href="view?rid=<?php echo($sub["uuid"]); ?>" role="button">Delete</a>
-                    </div>
-                  </div>
-                </div>
-              </li>
-              <?php } } ?>
-            </ul>
-          </div>
-        </section>
-        </div>
-      </section>
-
     <?php } else if ($is_authorised == false) { ?>
       <section class="jumbotron text-center">
         <div class="container">
-- 
2.49.1


From ba5e020d600285b309c6698ab0173f3d86422f83 Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Mon, 10 Aug 2020 16:05:12 +0100
Subject: [PATCH 4/5] :bug: Fix incorrect POST variable and add foreach()

Signed-off-by: Luke Tainton <luke@tainton.uk>
---
 app/public/actions/delsub.php | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/app/public/actions/delsub.php b/app/public/actions/delsub.php
index f4ed389..917e59a 100644
--- a/app/public/actions/delsub.php
+++ b/app/public/actions/delsub.php
@@ -9,14 +9,16 @@
     // Add subscriber
     if ($is_authorised == true) {
         if($_SERVER['REQUEST_METHOD'] == 'POST') {
-          try {
-              $stmt = "DELETE FROM ticket_subscribers WHERE ticket_uuid=:tktuuid AND user_uuid=:usruuid";
-              $sql = $db->prepare($stmt);
-              $sql->bindParam(':tktuuid', $request['uuid']);
-              $sql->bindParam(':usruuid', $POST['addSubSelector']);
-              $sql->execute();
-          } catch (PDOException $e) {
-              $alert = array("danger", "Failed to remove subscriber(s): " . $e->getMessage());
+          foreach ($_POST['addSubSelector'] as $sub) {
+            try {
+                $stmt = "DELETE FROM ticket_subscribers WHERE ticket_uuid=:tktuuid AND user_uuid=:usruuid";
+                $sql = $db->prepare($stmt);
+                $sql->bindParam(':tktuuid', $request['uuid']);
+                $sql->bindParam(':usruuid', $sub);
+                $sql->execute();
+            } catch (PDOException $e) {
+                $alert = array("danger", "Failed to remove subscriber(s): " . $e->getMessage());
+            }
           }
         }
         $newURL = "/managesub?rid=" . $request['uuid'];
-- 
2.49.1


From 27cd8d168d616f4e26b0e06490e65d964b92e23a Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Mon, 10 Aug 2020 16:09:34 +0100
Subject: [PATCH 5/5] :art: Fix file names and add link on view.php

Signed-off-by: Luke Tainton <luke@tainton.uk>
---
 app/public/editsub.php                        | 91 ++++++++++---------
 app/public/{managesub.php => editsub.php.old} | 91 +++++++++----------
 app/public/view.php                           |  5 +-
 3 files changed, 94 insertions(+), 93 deletions(-)
 rename app/public/{managesub.php => editsub.php.old} (62%)

diff --git a/app/public/editsub.php b/app/public/editsub.php
index 127379c..e403603 100644
--- a/app/public/editsub.php
+++ b/app/public/editsub.php
@@ -1,11 +1,12 @@
 <?php
-    $PAGE_NAME = "Upload file";
+    $PAGE_NAME = "Manage request subscribers";
     require_once __DIR__ . "/../includes/header.php";
 
     $request = get_request($db, $_GET['rid']);
-    $updates = get_updates($db, $request);
     $authorised_users = get_subscribers($db, $request);
     $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
+    $all_users = get_all_users($db);
 ?>
 
 
@@ -38,7 +39,9 @@
           <div class="row">
             <div class="col-4">
               <div class="card mx-auto">
-                <div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
+                <div class="card-header"><span class="mdi mdi-information-outline">
+                  </span> Information
+                </div>
                 <ul class="list-group list-group-flush">
                   <li class="list-group-item">
                     <div class="container">
@@ -90,51 +93,53 @@
 
             <div class="col-8">
               <div class="card mx-auto">
-                <div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
+                <div class="card-header">
+                  <span class="mdi mdi-rss"></span> Manage Subscribers
+                </div>
                 <ul class="list-group list-group-flush">
-                  <?php
-                    if (count($updates) == 0) {
-                      echo("<center><b>No updates</b></center>");
-                    } else {
-                      foreach($updates as $update) {
-                  ?>
-                    <li class="list-group-item">
-                      <div class="container">
-                        <div class="row">
-                          <span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
-                        </div>
-                        <div class="row">
-                          <span><?php echo($update['msg']); ?></span>
-                        </div>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <form method="post" action="/actions/delsub">
+                          <div class="form-group">
+                            <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                            <label for="delSubSelector">Remove subscribers:</label>
+                            <select multiple class="form-control" id="delSubSelector" name="delSubSelector">
+                              <?php foreach($authorised_users as $usr) {
+                                  $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
+                                  echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
+                                } ?>
+                            </select>
+                          </div>
+                          <button type="submit" class="btn btn-danger">Submit</button>
+                        </form>
                       </div>
-                    </li>
-                  <?php } } ?>
+                    </div>
+                  </li>
+                  <li class="list-group-item">
+                    <div class="container">
+                      <div class="row">
+                        <form method="post" action="/actions/addsub">
+                          <div class="form-group">
+                            <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                            <label for="addSubSelector">Add subscriber:</label>
+                            <select class="form-control" id="addSubSelector" name="addSubSelector">
+                              <?php foreach($all_users as $usr) {
+                                if (!in_array($usr['uuid'], $authorised_users)) {
+                                  $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
+                                  echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
+                                }
+                              } ?>
+                            </select>
+                          </div>
+                          <button type="submit" class="btn btn-primary">Submit</button>
+                        </form>
+                      </div>
+                    </div>
+                  </li>
                 </ul>
               </div>
             </div>
-
-          </div>
-        </div>
-      </section>
-
-      <section style="margin-top: 2%;">
-        <div class="container">
-          <div class="row">
-            <div class="col-12">
-              <div class="card mx-auto">
-                <div class="card-header"><span class="mdi mdi-send-outline"></span> Edit Subscriber</div>
-                  <form action="/actions/update" method="post" enctype="multipart/form-data">
-                    <div class="form-group">
-                      <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
-                    </div>
-                    <div class="form-group" style="margin: 2%;">
-                      <textarea type="text" class="form-control" id="msg" name="msg" rows="3"></textarea>
-                      <button type="submit" class="btn btn-primary" style="margin-top: 2%;">Submit</button>
-                      <a href="/view?rid=<?php echo($_GET['rid']); ?>" class="btn btn-danger" style="margin-top: 2%;">Cancel</a>
-                    </div>
-                  </form>
-              </div>
-            </div>
           </div>
         </div>
       </section>
diff --git a/app/public/managesub.php b/app/public/editsub.php.old
similarity index 62%
rename from app/public/managesub.php
rename to app/public/editsub.php.old
index e403603..127379c 100644
--- a/app/public/managesub.php
+++ b/app/public/editsub.php.old
@@ -1,12 +1,11 @@
 <?php
-    $PAGE_NAME = "Manage request subscribers";
+    $PAGE_NAME = "Upload file";
     require_once __DIR__ . "/../includes/header.php";
 
     $request = get_request($db, $_GET['rid']);
+    $updates = get_updates($db, $request);
     $authorised_users = get_subscribers($db, $request);
     $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
-
-    $all_users = get_all_users($db);
 ?>
 
 
@@ -39,9 +38,7 @@
           <div class="row">
             <div class="col-4">
               <div class="card mx-auto">
-                <div class="card-header"><span class="mdi mdi-information-outline">
-                  </span> Information
-                </div>
+                <div class="card-header"><span class="mdi mdi-information-outline"></span> Information</div>
                 <ul class="list-group list-group-flush">
                   <li class="list-group-item">
                     <div class="container">
@@ -93,53 +90,51 @@
 
             <div class="col-8">
               <div class="card mx-auto">
-                <div class="card-header">
-                  <span class="mdi mdi-rss"></span> Manage Subscribers
-                </div>
+                <div class="card-header"><span class="mdi mdi-update"></span> Updates</div>
                 <ul class="list-group list-group-flush">
-                  <li class="list-group-item">
-                    <div class="container">
-                      <div class="row">
-                        <form method="post" action="/actions/delsub">
-                          <div class="form-group">
-                            <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
-                            <label for="delSubSelector">Remove subscribers:</label>
-                            <select multiple class="form-control" id="delSubSelector" name="delSubSelector">
-                              <?php foreach($authorised_users as $usr) {
-                                  $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
-                                  echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
-                                } ?>
-                            </select>
-                          </div>
-                          <button type="submit" class="btn btn-danger">Submit</button>
-                        </form>
+                  <?php
+                    if (count($updates) == 0) {
+                      echo("<center><b>No updates</b></center>");
+                    } else {
+                      foreach($updates as $update) {
+                  ?>
+                    <li class="list-group-item">
+                      <div class="container">
+                        <div class="row">
+                          <span style="display: inline;"><b><?php echo(get_user_name($db, $update['user'])); ?></b></span><span class="text-muted"><i><?php echo(" " . $update['created']); ?></i></span>
+                        </div>
+                        <div class="row">
+                          <span><?php echo($update['msg']); ?></span>
+                        </div>
                       </div>
-                    </div>
-                  </li>
-                  <li class="list-group-item">
-                    <div class="container">
-                      <div class="row">
-                        <form method="post" action="/actions/addsub">
-                          <div class="form-group">
-                            <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
-                            <label for="addSubSelector">Add subscriber:</label>
-                            <select class="form-control" id="addSubSelector" name="addSubSelector">
-                              <?php foreach($all_users as $usr) {
-                                if (!in_array($usr['uuid'], $authorised_users)) {
-                                  $usr_name = get_user_name($db, $usr['uuid']) . " (" . $usr['uid'] . ")";
-                                  echo("<option value='" . $usr['uuid'] . "'>" . $usr_name . "</option>");
-                                }
-                              } ?>
-                            </select>
-                          </div>
-                          <button type="submit" class="btn btn-primary">Submit</button>
-                        </form>
-                      </div>
-                    </div>
-                  </li>
+                    </li>
+                  <?php } } ?>
                 </ul>
               </div>
             </div>
+
+          </div>
+        </div>
+      </section>
+
+      <section style="margin-top: 2%;">
+        <div class="container">
+          <div class="row">
+            <div class="col-12">
+              <div class="card mx-auto">
+                <div class="card-header"><span class="mdi mdi-send-outline"></span> Edit Subscriber</div>
+                  <form action="/actions/update" method="post" enctype="multipart/form-data">
+                    <div class="form-group">
+                      <input type="hidden" id="rid" name="rid" value="<?php echo($request['uuid']); ?>">
+                    </div>
+                    <div class="form-group" style="margin: 2%;">
+                      <textarea type="text" class="form-control" id="msg" name="msg" rows="3"></textarea>
+                      <button type="submit" class="btn btn-primary" style="margin-top: 2%;">Submit</button>
+                      <a href="/view?rid=<?php echo($_GET['rid']); ?>" class="btn btn-danger" style="margin-top: 2%;">Cancel</a>
+                    </div>
+                  </form>
+              </div>
+            </div>
           </div>
         </div>
       </section>
diff --git a/app/public/view.php b/app/public/view.php
index 65bb1e6..6d58f22 100644
--- a/app/public/view.php
+++ b/app/public/view.php
@@ -53,8 +53,9 @@
           <?php if ($request['status'] != 'Closed') { ?>
             <p>
               <a href='/update?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Update the request</a>
-              <a href='/upload?rid=<?php echo($request["uuid"]); ?>' class='btn btn-secondary my-2'>Add attachment(s)</a>
-              <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#closeModal">Close the request</button>
+              <a href='/upload?rid=<?php echo($request["uuid"]); ?>' class='btn btn-primary my-2'>Add attachment(s)</a>
+              <a href='/editsub?rid=<?php echo($request["uuid"]); ?>' class='btn btn-secondary my-2'>Manage subscribers</a>
+              <button type="button" class="btn btn-danger" data-toggle="modal" data-target="#closeModal">Close the request</button>
             </p>
           <?php } ?>
         </div>
-- 
2.49.1